The British government may have found a way out of increasing pressure to ban equipment from Huawei Technologies from being used in the new 5G cellular networks because of concerns the company will crumble under pressure from China to help in spying on commercial companies and governments.
According to Reuters and the Financial Review, the U.K. National Cyber Security Centre has determined that there are ways to limit the risks from using Huawei gear.
There were no details on how the British feel they can deal with possible threats from a company from China that supplies U.K. carriers. However, both news stories said officals think the risk can be mitigated.
Last year Scott Jones, the assistant deputy minister for federal IT security and the head of the Canadian Centre for Cyber Security said something similar. “As we look at our telecom networks, we take the approach that we want to look at this as an entire system, and defend against all forms of cyber risk,” he told a parliamentary committee when asked why Ottawa hasn’t banned Huawei. The word he used at the time was resiliency — making sure a product, the supply chain and other parts of a data system are adequately protected, “We have a well-established relationship with all telecommunications providers in Canada to work on raising that resiliency bar regardless of the vendor, regardless of where equipment comes from… it’s really about trying to protect against all risks and not just one specific one.”
While some took his comments to mean his department felt it could handle Huawei 5G equipment, Jones later said he meant the comments to apply to Huawei’s existing 3G/4G gear and not newer equipment for which the government has yet to make a decision.
If the U.K. report is true it will also help Ottawa, which is also trying to decide if there is a security risk from allowing Chinese-made equipment into the new networks. The Globe and Mail quoted Scott Bardsley, a spokesperson for Public Safety Minister Ralph Goodale saying the government will listen closely to the views of its allies.
The U.S., Australia and New Zealand — partners with Canada and the U.K. in the Five Eyes intelligence co-0perative — have already agreed to ban Huawei equipment.
The U.S. is leading the push. According to the Financial Review, the Munich Security Conference over the weekend U.S. vice-president Mike Pence said Huawei posed a threat because of a law that requires telecom companies to share data with the Chinese government.
Canadian carriers Bell Canada and Telus, which extensively use Huawei switching equipment in their access networks (but not in the network core) are waiting for a decision from the government.
While some countries are now wary about Huawei equipment, others are looking for a way to not confront China and have access to the affordable equipment from Huawei. Recently, for example, Reuters reported that Germany’s Deutsche Telekom has proposed that all critical infrastructure in that country be certified by independent labs under government oversight. Network equipment makers would have to submit the source code that runs on their equipment to a trusted third party for inspection.
And the GSMA, which represents hundreds of carriers around the world, last week urged governments and mobile operators to create an assurance testing and certification regime for Europe “so that it ensures confidence in network security while maintaining competition in the supply of network equipment.”
Mobile operators already invest heavily in making sure their networks and equipment are secure, said the association. “Mobile operators, as well as some government security agencies, have meticulously tested mobile network infrastructure for years and have not discovered any evidence of wrongdoing.”
Canada and Huawei already have a quiet agreement to have equipment and software looked at, according to the Globe and Mail. The U.K. already has a formal arrangement with a lab called the Huawei Cyber Security Evaluation Centre. That body is expected to publish its annual report soon.